diff options
Diffstat (limited to 'src/migration-scripts/firewall/7-to-8')
-rw-r--r--[-rwxr-xr-x] | src/migration-scripts/firewall/7-to-8 | 106 |
1 files changed, 43 insertions, 63 deletions
diff --git a/src/migration-scripts/firewall/7-to-8 b/src/migration-scripts/firewall/7-to-8 index 17af0f355..b8bcc52cc 100755..100644 --- a/src/migration-scripts/firewall/7-to-8 +++ b/src/migration-scripts/firewall/7-to-8 @@ -1,43 +1,25 @@ -#!/usr/bin/env python3 +# Copyright 2022-2024 VyOS maintainers and contributors <maintainers@vyos.io> # -# Copyright (C) 2022-2024 VyOS maintainers and contributors +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. # -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, +# This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. # -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. +# You should have received a copy of the GNU Lesser General Public License +# along with this library. If not, see <http://www.gnu.org/licenses/>. # T2199: Migrate interface firewall nodes to firewall interfaces <ifname> <direction> name/ipv6-name <name> # T2199: Migrate zone-policy to firewall node -from sys import argv -from sys import exit - from vyos.configtree import ConfigTree -if len(argv) < 2: - print("Must specify file name!") - exit(1) - -file_name = argv[1] - -with open(file_name, 'r') as f: - config_file = f.read() - base = ['firewall'] zone_base = ['zone-policy'] -config = ConfigTree(config_file) - -if not config.exists(base) and not config.exists(zone_base): - # Nothing to do - exit(0) def migrate_interface(config, iftype, ifname, vif=None, vifs=None, vifc=None): if_path = ['interfaces', iftype, ifname] @@ -63,39 +45,37 @@ def migrate_interface(config, iftype, ifname, vif=None, vifs=None, vifc=None): config.copy(if_path + ['firewall'], ['firewall', 'interface', ifname_full]) config.delete(if_path + ['firewall']) -for iftype in config.list_nodes(['interfaces']): - for ifname in config.list_nodes(['interfaces', iftype]): - migrate_interface(config, iftype, ifname) - - if config.exists(['interfaces', iftype, ifname, 'vif']): - for vif in config.list_nodes(['interfaces', iftype, ifname, 'vif']): - migrate_interface(config, iftype, ifname, vif=vif) - - if config.exists(['interfaces', iftype, ifname, 'vif-s']): - for vifs in config.list_nodes(['interfaces', iftype, ifname, 'vif-s']): - migrate_interface(config, iftype, ifname, vifs=vifs) - - if config.exists(['interfaces', iftype, ifname, 'vif-s', vifs, 'vif-c']): - for vifc in config.list_nodes(['interfaces', iftype, ifname, 'vif-s', vifs, 'vif-c']): - migrate_interface(config, iftype, ifname, vifs=vifs, vifc=vifc) - -if config.exists(zone_base + ['zone']): - config.set(['firewall', 'zone']) - config.set_tag(['firewall', 'zone']) - - for zone in config.list_nodes(zone_base + ['zone']): - if 'interface' in config.list_nodes(zone_base + ['zone', zone]): - for iface in config.return_values(zone_base + ['zone', zone, 'interface']): - if '+' in iface: - config.delete_value(zone_base + ['zone', zone, 'interface'], value=iface) - iface = iface.replace('+', '*') - config.set(zone_base + ['zone', zone, 'interface'], value=iface, replace=False) - config.copy(zone_base + ['zone', zone], ['firewall', 'zone', zone]) - config.delete(zone_base) +def migrate(config: ConfigTree) -> None: + if not config.exists(base) and not config.exists(zone_base): + # Nothing to do + return -try: - with open(file_name, 'w') as f: - f.write(config.to_string()) -except OSError as e: - print("Failed to save the modified config: {}".format(e)) - exit(1) + for iftype in config.list_nodes(['interfaces']): + for ifname in config.list_nodes(['interfaces', iftype]): + migrate_interface(config, iftype, ifname) + + if config.exists(['interfaces', iftype, ifname, 'vif']): + for vif in config.list_nodes(['interfaces', iftype, ifname, 'vif']): + migrate_interface(config, iftype, ifname, vif=vif) + + if config.exists(['interfaces', iftype, ifname, 'vif-s']): + for vifs in config.list_nodes(['interfaces', iftype, ifname, 'vif-s']): + migrate_interface(config, iftype, ifname, vifs=vifs) + + if config.exists(['interfaces', iftype, ifname, 'vif-s', vifs, 'vif-c']): + for vifc in config.list_nodes(['interfaces', iftype, ifname, 'vif-s', vifs, 'vif-c']): + migrate_interface(config, iftype, ifname, vifs=vifs, vifc=vifc) + + if config.exists(zone_base + ['zone']): + config.set(['firewall', 'zone']) + config.set_tag(['firewall', 'zone']) + + for zone in config.list_nodes(zone_base + ['zone']): + if 'interface' in config.list_nodes(zone_base + ['zone', zone]): + for iface in config.return_values(zone_base + ['zone', zone, 'interface']): + if '+' in iface: + config.delete_value(zone_base + ['zone', zone, 'interface'], value=iface) + iface = iface.replace('+', '*') + config.set(zone_base + ['zone', zone, 'interface'], value=iface, replace=False) + config.copy(zone_base + ['zone', zone], ['firewall', 'zone', zone]) + config.delete(zone_base)
\ No newline at end of file |